(54) METHOD AND DEVICE FOR MANAGING COMPUTER NETWORK



(57) A method and a device for managing a computer network, especially a technique for ensuring the security of a network. In a computer network system in which computers are connected to each other through transmission lines, each computer stores data constituting a moving type software exclusively used for security, transmits that data together with a message when the computer transmits the message to another computer of the system, and executes the moving type software from the stored data upon receiving a message from another computer.
Description

TECHNICAL FIELD 

The present invention relates to a method of and a device for managing a computer network and, in particular, to a technique for ensuring the security of a network.

BACKGROUND ART 

With the development of open and global computer communication environments such as the Internet, there is an increasing number of unjustified practices, for example eavesdropping on communication data or falsifying it (such practices are referred to below as injustices). Moreover, as soon as a countermeasure is devised for one injustice, another trick appears; that is, there is a spiral of injustice and countermeasure. Compared with the conventional system of the past, in which business and operation were carried out in the closed network of a firm, a system of today using open environments is exposed to far more unknown injustices. Consequently, a new countermeasure which is not a simple extension of the prior art has been desired. Turning to the immune system of the human body, the immune system prevents a very large number of bacteria and viruses from entering the human body, although there are some exceptions. Additionally, even when an unknown bacterium or virus appears that did not exist before, the immune system can somehow cope with it. Regarding the human body as a computer network and the bacteria and viruses as injustices of various kinds, it is clear that an immune system for the network is required. That is, it is desired to implement a function, like the immune system of the human body, that copes with a large number of unknown injustices taking place in the computer network.

An article "A Biologically Inspired Immune System For Computers", written by Jeffrey O. Kephart and published by MIT Press in 1994, discloses a method of detecting and coping with injustices in a computer network.

Fig. 9 shows the conventional method. In Fig. 9, reference numerals 1001 to 1018 respectively indicate computers each including a communicating function.

Assume that a computer virus enters the computer 1001 at time 1 and is rejected, so that the computer 1001 is immune to the computer virus. In the immunized state, the computer retains the associated information needed to immediately cope with another invasion by the same computer virus. In this situation, the computer 1001 sends a "sterilization signal" to the computers 1002 to 1006 adjacent thereto. The sterilization signal notifies the receivers that the computer of the transmission source is infected with the computer virus and includes a scanning symbol string and restoring information useful for the receiving computer to detect and cope with the computer virus. Assume that among the computers 1002 to 1006 having received the sterilization signal, the computers 1002, 1004 and 1006 have already been infected with the computer virus. Furthermore, it is assumed that the computers 1007, 1008, 1011, 1013 and 1018 have also been infected with the computer virus at time 1.

At time 2, those of the computers 1002 to 1006 that were infected beforehand with the computer virus repulse the virus in accordance with the sterilization signal and obtain immunity against the virus. Thereafter, the computers 1002 to 1006 further send the sterilization signal to the adjacent computers. Although the computers 1003 and 1005, which are not infected with the virus, obtain immunity against the virus in accordance with the sterilization signal, these computers do not further send the sterilization signal to the adjacent computers.

In this method, if the propagation speed of the sterilization signal through the network is higher than the infection speed of the computer virus, it is possible to prevent infection by the computer virus to some extent.

However, the known example has the following drawbacks or problems.

First, when two or more points are infected with the computer virus in the initial stage, the method cannot satisfactorily cope with the infection. For example, if infection takes place in the computer 1010 in addition to the computer 1001 in Fig. 10, the sterilization signal from the computer 1001 is not passed to the computer 1010 and hence it is impossible to repulse the virus in the computer 1010. As a result, there is a fear that the computer virus infecting the computer 1010 invades the network via another computer adjacent to the computer 1010. Namely, although the computer virus is detected in the computer 1001 as the first place of infection and the countermeasure is thus known, it is impossible to sufficiently utilize the information on the event for preventing infection with the virus.

Second, the sterilization signal is not completely reliable. For example, the computer 1002 is invaded by the computer virus at time 1 and is hence partly unreliable; it cannot be confirmed at time 2 that the computer 1002 is completely recovered. The computer 1008 operates in response to the sterilization signal declared by the computer 1002. Actually, however, the computer 1002 is not yet completely recovered at this point, and hence there is a fear that the computer 1002 sends an incorrect "sterilization signal" which deteriorates the overall network, contrary to the purpose of the signal. In the conclusion of the article above, this point is described as a problem to be solved in the future.

Third, consideration has been given only to injustices by computer viruses. For example, an attempt at unauthorized access to the computer from an external device has not been taken into consideration. Such an injustice other than a computer virus cannot be sufficiently coped with by transmitting a sterilization signal; depending on the case, it is necessary to transmit countermeasure software for execution. Moreover, if a "suppression signal" to suppress operation at an appropriate time is not supplied to the countermeasure software, there is an increased chance that the software runs away or otherwise damages normal functions. However, this point has not been described in the above article.

Fourth, the method provides only insufficient quarantine for data from an external network. Heretofore, software called a firewall has been installed at the point of connection to the external network; alternatively, when a magnetic disk or a compact disk is mounted, vaccine software is introduced to prevent a program conducting injustices from entering the associated computers. However, in the present state of the art, there exists neither a means to confirm the reliability of the firewall's settings nor a means to guarantee that the latest vaccine software is activated in each computer.

Fifth, the quarantine is insufficient for data which possibly involves an injustice. The conventional vaccine software (fixed type security dedicated software) detects a virus, in accordance with past instances of damage, by a data layout characteristic of the data when the virus is parasitic on a file system or a memory. In consequence, it is at present impossible to detect injustices caused by a virus of a new type.

It is therefore an object of the present invention to provide a method of and a device for managing a computer network capable of coping with simultaneous invasion of computer viruses at a plurality of positions in the computer network.

Another object of the present invention is to provide a method of and a device for managing a computer network capable of ensuring the reliability of security software.

Still another object of the present invention is to provide a method of and a device for managing a computer network capable of suppressing a possible runaway of security software.

A further object of the present invention is to provide a method of and a device for managing a computer network capable of improving safety for data from an external network.

Another object of the present invention is to provide a method of and a device for managing a computer network capable of immediately detecting the outbreak of a computer virus of a new type.

DISCLOSURE OF INVENTION

To solve the above problems of the prior art, the present invention utilizes the following means.



(1) In each computer coupled with the network, there is installed a fixed type security dedicated module or a moving type security dedicated software to detect an injustice and/or to work out a countermeasure. When a computer sends an E-mail or a message such as database access data, the moving type security dedicated software is automatically added to the E-mail or data. When the message arrives at the destination, the software is separated therefrom and the function of the moving type security dedicated software is executed by the fixed type security dedicated module of the destination computer. The moving type security dedicated software is of a promotion type or a non-promotion type. Since promotion-type software produces a new copy of itself for each transmission destination before transmission, the copies can be transferred through the entire network at the highest possible speed. This solves the first drawback above.
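
The difference between the sterilization signal of the known method (which only a computer that was itself infected forwards) and the promotion type copying of means (1) can be seen in a small simulation. The following is an added example and not code from the patent: the topology is a constructed 3 x 6 grid of computers, not the layout of Fig. 9, and the speeds (one hop per tick for both the virus and the signal, the signal moving first) are assumptions made for the illustration.

```go
package main

import "fmt"

// grid builds the constructed topology: rows x cols computers numbered
// row-major from 0, each linked to its up/down/left/right neighbours.
func grid(rows, cols int) [][]int {
	adj := make([][]int, rows*cols)
	for r := 0; r < rows; r++ {
		for c := 0; c < cols; c++ {
			n := r*cols + c
			if r > 0 {
				adj[n] = append(adj[n], n-cols)
			}
			if r < rows-1 {
				adj[n] = append(adj[n], n+cols)
			}
			if c > 0 {
				adj[n] = append(adj[n], n-1)
			}
			if c < cols-1 {
				adj[n] = append(adj[n], n+1)
			}
		}
	}
	return adj
}

const (
	clean = iota
	infected
	immune
)

// simulate runs the sterilization signal and the virus in lock step, one hop
// per tick each, the signal moving first. detected is the computer that rejected
// the virus and became immune at time 1 (computer 1001 in the text); infectedNow
// lists the computers already carrying the virus at that moment.
//
// forwardAll=false is the known method: only a computer that was infected and
// has just repulsed the virus forwards the signal; a clean receiver becomes
// immune but stays silent. forwardAll=true is the promotion type software of
// means (1): every receiver forwards a copy. The result is the number of
// computers still infected once nothing changes any more.
func simulate(adj [][]int, infectedNow []int, detected int, forwardAll bool) int {
	state := make([]int, len(adj))
	for _, n := range infectedNow {
		state[n] = infected
	}
	state[detected] = immune
	forwarders := []int{detected}
	for tick := 0; tick < len(adj); tick++ { // no path is longer than the node count
		var next []int // signal step
		for _, f := range forwarders {
			for _, nb := range adj[f] {
				switch state[nb] {
				case infected:
					state[nb] = immune // repulsed; now knows the countermeasure
					next = append(next, nb)
				case clean:
					state[nb] = immune
					if forwardAll {
						next = append(next, nb)
					}
				}
			}
		}
		forwarders = next
		var spread []int // virus step: infected computers attack clean neighbours
		for n, s := range state {
			if s != infected {
				continue
			}
			for _, nb := range adj[n] {
				if state[nb] == clean {
					spread = append(spread, nb)
				}
			}
		}
		for _, n := range spread {
			state[n] = infected
		}
		if len(forwarders) == 0 && len(spread) == 0 {
			break
		}
	}
	count := 0
	for _, s := range state {
		if s == infected {
			count++
		}
	}
	return count
}

func main() {
	adj := grid(3, 6)
	// computer 0 detected the virus; its neighbours 1 and 6 and a distant
	// second entry point, 16, are infected at time 1 (constructed scenario)
	fmt.Println("known method, still infected:", simulate(adj, []int{1, 6, 16}, 0, false))
	fmt.Println("promotion type, still infected:", simulate(adj, []int{1, 6, 16}, 0, true))
}
```

In the constructed scenario the known method immunizes only the first entry point and its surroundings, because the signal dies out as soon as it reaches clean computers, and the second entry point infects everything left; with promotion type copying the copies outrun the virus and every computer ends up immune.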

(2) The moving type security dedicated software and the security notification data carry their own digital signatures and are verified in any of the following ways.

(a) In accordance with the digital signature, the fixed type security dedicated module of the destination computer verifies that the moving type security dedicated software and the security notification data have not been falsified.

(b) The moving type security dedicated software periodically verifies itself to determine whether or not its security notification data has been falsified. If the data is found to have been falsified, the software rewrites its own contents to invalidate itself.

(c) Any other moving type security dedicated software verifies, by the digital signature, that the software has not been falsified.

With this provision, the second drawback above is solved.

(3) As a result of execution, the moving type security dedicated software outputs the security notification data "acceleration" or "suppression". The output data is communicated via the fixed type security dedicated module to other fixed type security dedicated modules. When the data indicates "acceleration", the moving type security dedicated software in the inactivation list is moved to the activation list, so that the priority level of the moving type security dedicated software in the activation list becomes higher. When the data indicates "suppression", the moving type security dedicated software in the activation list is moved to the inactivation list, or the moving type security dedicated software rewrites itself to invalidate itself. The activation and inactivation lists are retained in the fixed type security dedicated module. If there exists a moving type security dedicated software in the activation list, the software is executed. A moving type security dedicated software in the inactivation list is deleted therefrom when the software is not executed for a predetermined period of time. This solves the third drawback above.

(4) Each computer is provided with the fixed type security dedicated software, which checks to determine a computer in which the moving type security dedicated software is activated. When data is introduced from an external system, the data is copied onto the computer with the activated software and sterilized there, so that the sterilized data is introduced to the objective computer.

(5) The moving type security dedicated software memorizes the configuration of any computer it visited before. The software determines particularly suspicious data among newly added or updated data and moves the data to a computer exclusively used for execution, thereby quarantining the data from the network. When an injustice due to a virus occurs after the quarantine, a human manager works out a countermeasure. If no infection is detected for a predetermined period of time, the data is returned to the original computer. With this provision, the fifth drawback is solved.

That is, in accordance with the present invention, there is provided a computer network managing method for use in a computer network in which a plurality of computers are connected to each other via transmission lines. Each of the computers memorizes and keeps therein data forming a moving type security dedicated software, and when said each computer sends a message to another computer selected from the computers, said data is added to the message for transmission. When said each computer receives a message from said another computer, said each computer executes said moving type security dedicated software in accordance with said data forming said moving type security dedicated software, said data having been added to the message.

Moreover, in accordance with the present invention, there is provided a computer network managing device for use in a computer network in which a plurality of computers are connected to each other via transmission lines. Each of the computers includes data forming a moving type security dedicated software, said data being added to the message for transmission when said each computer sends a message to another computer selected from the computers, and a fixed type security dedicated module for executing, when said each computer receives the message from said another computer, said moving type security dedicated software in accordance with said data forming said moving type security dedicated software, said data being added to the message.

BRIEF DESCRIPTION OF DRAWINGS 

Fig. 1 is a diagram showing the constitution of a computer network system in an embodiment in accordance with the present invention;
Fig. 2 is a flowchart showing a processing procedure of a security agent;
Fig. 3 is a flowchart showing another processing procedure of the security agent;
Fig. 4 is a flowchart showing still another processing procedure of the security agent;
Fig. 5 is a diagram showing the structure of a system to cope with a computer virus by a computer in which a security dedicated software is activated;
Fig. 6 is a diagram showing a distributed system in which a file suspected of infection with a computer virus is quarantined;
Fig. 7 is a flowchart showing a procedure to cope with a computer virus by a computer in which a security dedicated software is activated;
Fig. 8 is a flowchart in which a file suspected of infection with a computer virus is quarantined in the distributed system; and
Fig. 9 is a diagram for explaining a conventional security system.

BEST MODE FOR CARRYING OUT THE INVENTION

Referring now to the drawings, description will be given of an embodiment in accordance with the present invention.

Fig. 1 shows the configuration of an embodiment of the present invention in which a personal computer A 101, a WWW server 102, a personal computer X 103, a personal computer Y 104, Taro's personal computer 105, and a computer 106 serving as an epidemic prevention center are connected to a network 107. Personal computer A 101 includes a fixed type security module 108 in which an open key list according to type 109, an activation list 111, an inactivation list 112, a security message list 113, a WWW browser 110, and an access control unit 114 are arranged.

The access control unit 114 controls the communication of data between the fixed type security module 108 and an external device, the data being output from or input to the WWW browser 110. The control unit 114 inhibits any unauthorized access to the module 108.

The WWW browser 110 outputs data A 115 to the WWW server 102 and receives data B 116 therefrom. Data A 115 includes, in addition to an ordinary message 117 usually communicated between the WWW server 102 and the WWW browser 110, a security software E3 118, a digital signature ST(E3) 119 for the security software E3 generated by Taro's personal computer 105, a security message M5 120 including the character strings "suppression" and "E3", and a digital signature SB(M5) 121 for the security message M5 120 generated by the epidemic prevention center 106.

Data B 116 includes, in addition to an ordinary message 122 usually communicated between the WWW server 102 and the WWW browser 110, a security software E4 123, a digital signature SB(E4) 124 for the security software E4 generated by the epidemic prevention center 106, a security message M2 125 including the character strings "acceleration" and "E2", and a digital signature SB(M2) 126 for the security message M2 125 generated by the epidemic prevention center 106.

The activation list 111 is a stack of the first-in-first-out type in which data is sequentially input and accumulated beginning at the upper-most position and from which data is sequentially output beginning at the lower-most position. Accumulated at the upper-most position is a pair 129 of the security software E1 and its digital signature SB(E1). At the second position, there is stored a pair 130 of the security software E3 and its digital signature ST(E3).

The inactivation list 112 is a stack similar to that described above. Stored in the list 112 is a pair of the security software E2 and its digital signature SB(E2).

The security message list 131 is a stack similar to that described above. Stored in the list 131 is a pair of a character string including "suppression" and "E3" and its digital signature SB(M5).

In the open key list according to type 109, there are set an open key "27F7EA98...." 127 with the identification name "B: Epidemic prevention center" for the type "promotion" and an open key "76C3BBA8...." 128 with the identification name "T: Taro" for the type "non-promotion". The open key "27F7EA98...." 127 of "B: Epidemic prevention center" is used to verify the validity of digital signatures SB(.), such as SB(E1) 129 or SB(E2) 112, generated by the epidemic prevention center 106. The open key "76C3BBA8...." 128 of "T: Taro" is used to verify the validity of digital signatures ST(.), such as ST(E3) 130, generated by Taro's personal computer 105.

Fig. 2 shows the processing flow of the WWW browser 110 when data A 115 and data B 116 are communicated between personal computer A 101 and the WWW server 102. In step 201, the browser 110 starts its operation. In step 202, the browser 110 executes a receiving operation. In step 203, the browser 110 initiates operation of the security function. In step 204, the browser 110 checks whether or not a security software is added to the received data. If the software is present, control is passed to step 205; otherwise, control is transferred to step 209.

In step 205, the browser 110 executes subroutine A. In step 206, control is passed to step 207 if the return value from subroutine A is 0; otherwise, control is passed to step 209. In step 207, the browser 110 checks whether or not a security software similar to the received security software has already been registered in the activation list 111 or the inactivation list 112. If such a software is present, control is transferred to step 208; otherwise, control is passed to step 209.

In step 208, the browser 110 adds the received security software to the stack of the activation list 111 at the upper-most position. In step 209, the browser 110 checks whether or not a transmitting operation is to be conducted. If so, control is transferred to step 210; otherwise, control is passed to step 219. In step 210, the browser 110 checks whether or not the activation list 111 is empty. If empty, control is passed to step 213; otherwise, control is transferred to step 211.

In step 211, the browser 110 acquires the security software at the lower-most position of the stack of the activation list 111. In step 212, the browser 110 produces a copy of the security software and returns the copy to the original position in the stack of the activation list 111. Control is then passed to step 217.

In step 213, the browser 110 checks whether or not the inactivation list 112 is empty. If empty, control is passed to step 219; otherwise, control is transferred to step 214. In step 214, the browser 110 acquires the security software at the lower-most position of the stack of the inactivation list 112. In step 215, the browser 110 checks whether or not the security software is of the promotion type. If so, control is passed to step 216; otherwise, control is transferred to step 217.

In step 216, the browser 110 produces a copy of the security software and returns the copy to the original position in the stack of the inactivation list 112. In step 217, the browser 110 adds the security software to the transmission data and transmits the resultant data. In step 218, the browser 110 executes subroutine B. Thereafter, the WWW browser terminates its operation in step 219.

Fig. 3 shows the processing flow of subroutine A 205. Description will now be given of the processing by referring to the flowchart.

In step 301, subroutine A starts its operation. In step 302, a check is carried out to determine whether or not the digital signature added to the security software is valid. If valid, control is passed to step 303; otherwise, control is transferred to step 307. In step 303, control is passed to step 304 if the digital signature has been generated by the epidemic prevention center 106. If the signature has been generated by Taro's personal computer 105, control is transferred to step 305. Otherwise, control is passed to step 306.

In step 304, subroutine A determines that the security software is of the promotion type and sets the return value to 0. In step 305, subroutine A determines that the security software is of the non-promotion type and sets the return value to 0. In step 306, subroutine A writes a meaningless character string over the security software to invalidate it and sets the return value to 1. In step 307, subroutine A checks whether or not a security message is added to the received data. If the message is present, control is passed to step 308; otherwise, control is transferred to step 312.

In step 308, subroutine A checks whether or not the digital signature of the security message is valid, namely, whether or not the digital signature has been generated by the epidemic prevention center. If valid, control is transferred to step 309; otherwise, control is passed to step 312.

In step 309, control is passed to step 310 if the security message contains "acceleration"; if "suppression" is contained, control is passed to step 311. In step 310, if the security software specified by the security message exists in the activation or inactivation list, subroutine A moves the software to the lower-most position of the activation list. Otherwise, subroutine A passes control to step 312. In step 311, if the security software specified by the security message exists in the activation or inactivation list, subroutine A deletes the software. Otherwise, subroutine A passes control to step 312. Thereafter, subroutine A terminates its operation in step 312.
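
The signature handling of means (2) and of subroutine A above (steps 302 to 309, plus the self-check of operation (b)) is shown below as an added example; it is not code from the patent. It uses Ed25519 from the Go standard library as the signature scheme (the patent does not name one), generates fresh keys instead of reproducing the key values of Fig. 1, and assumes a wire format of "<action> <software name>" for the security message. One deliberate tightening is noted in the code: a software whose signature does not verify is invalidated as in step 306, whereas Fig. 3 only invalidates a valid signature from an unlisted signer.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"strings"
)

// KeyEntry is one row of the open key list according to type (109).
type KeyEntry struct {
	Type string            // "promotion" or "non-promotion"
	Key  ed25519.PublicKey // the signer's open (public) key
}

// KeyList maps an identification name to its entry.
type KeyList map[string]KeyEntry

// Center is the only signer whose security messages are honoured (step 308).
const Center = "B: Epidemic prevention center"

// Signed is a security software E or a security message M with its signature
// S(.) and the identification name of the signer (assumed representation).
type Signed struct {
	Signer string
	Body   []byte
	Sig    []byte
}

// Sign produces (body, S(body)) as the signer's computer would before attaching it.
func Sign(signer string, priv ed25519.PrivateKey, body []byte) *Signed {
	return &Signed{Signer: signer, Body: body, Sig: ed25519.Sign(priv, body)}
}

// Decision is the outcome of subroutine A for one received message.
type Decision struct {
	SoftwareType string // type of an accepted software (steps 304/305)
	Return       int    // 0: software accepted; 1: software invalidated (step 306)
	Action       string // "acceleration" or "suppression" from an accepted message
	Target       string // software named by that message, e.g. "E2"
}

// Verify implements steps 302-309. Either argument may be nil when the received
// data carries no software or no message. A software whose signature does not
// verify against a listed key is overwritten in place with a meaningless string
// (bad signature treated like an unlisted signer: stricter than Fig. 3).
func Verify(keys KeyList, software, msg *Signed) Decision {
	var d Decision
	if software != nil {
		entry, known := keys[software.Signer]
		if known && ed25519.Verify(entry.Key, software.Body, software.Sig) {
			d.SoftwareType = entry.Type // the signer decides the type (step 303)
		} else {
			for i := range software.Body {
				software.Body[i] = '#'
			}
			d.Return = 1
		}
	}
	if msg != nil { // steps 307-309: only the center may accelerate or suppress
		entry, known := keys[msg.Signer]
		if msg.Signer == Center && known && ed25519.Verify(entry.Key, msg.Body, msg.Sig) {
			f := strings.Fields(string(msg.Body)) // assumed format "<action> <name>"
			if len(f) == 2 && (f[0] == "acceleration" || f[0] == "suppression") {
				d.Action, d.Target = f[0], f[1]
			}
		}
	}
	return d
}

// SelfCheck is operation (b) of means (2): data that no longer matches its own
// signature is zeroed so that the software cannot act on it again.
func SelfCheck(key ed25519.PublicKey, s *Signed) bool {
	if ed25519.Verify(key, s.Body, s.Sig) {
		return true
	}
	for i := range s.Body {
		s.Body[i] = 0
	}
	return false
}

// demoKeys builds the key list of Fig. 1 with freshly generated keys and
// returns the private keys so the demonstration can sign on both sides.
func demoKeys() (KeyList, map[string]ed25519.PrivateKey) {
	keys, privs := KeyList{}, map[string]ed25519.PrivateKey{}
	for name, typ := range map[string]string{Center: "promotion", "T: Taro": "non-promotion"} {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		keys[name], privs[name] = KeyEntry{Type: typ, Key: pub}, priv
	}
	return keys, privs
}

func main() {
	keys, privs := demoKeys()
	e3 := Sign("T: Taro", privs["T: Taro"], []byte("security software E3 (constructed stand-in)"))
	m5 := Sign(Center, privs[Center], []byte("suppression E3"))
	fmt.Printf("%+v\n", Verify(keys, e3, m5))
	e3.Body[0] ^= 1 // falsified in transit
	fmt.Printf("%+v\n", Verify(keys, e3, m5))
}
```

Keying the list by signer identity, with the type attached to the key rather than carried in the message, is what makes step 303 trustworthy: a non-promotion signer cannot promote its software by labelling it "promotion", and a security message that is not signed with the center's key is ignored even if its signature is otherwise valid.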

Fig. 4 shows the details of the procedure of subroutine 209. This procedure is associated with the list processing of the activation list 111 and the inactivation list 112 in the embodiment.

Prior to execution of this processing, subroutine 209 calculates a load in accordance with the memory consumption, the disk consumption, and the CPU utilization rate at the activation of the security dedicated software. If the software is inactive for a predetermined period of time, control is passed to another computer (the process is terminated by this computer and then initiated by another computer). On receiving the "suppression" signal, subroutine 209 terminates its operation. It is to be appreciated that the security dedicated software is required to be capable of detecting the conditions for operation described above.

Next, description will be given of each step.

First, in step 401, subroutine 209 checks for the presence or absence of condition of operation 1 (a transmitting operation to instruct suppression). If the condition is present, control is passed to step 407; otherwise, control is passed to step 402. In step 402, subroutine 209 checks whether or not the activation list 111 is empty. If empty, control is transferred to step 407; otherwise, control is passed to step 403.

In step 403, subroutine 209 acquires the security software at the lower-most position of the stack of the activation list 111. Subsequently, in step 404, subroutine 209 initiates the security software (sets the software to the activated state). In step 405, subroutine 209 adds the result of execution of step 404 to the stack of security messages in order to transmit the execution result to other computers. In step 406, subroutine 209 stops the process of the security software to set the software to the inactivated state. Thereafter, subroutine 209 adds the software to the inactivation list 112.

In step 407, subroutine 209 checks for the presence or absence of condition of operation 2 (a transmitting operation to instruct activation). If the condition is present, control is transferred to step 408; otherwise, control is passed to step 210. In step 408, subroutine 209 checks whether or not the inactivation list 112 is empty. If empty, control is passed to step 210; otherwise, control is transferred to step 409. In step 409, subroutine 209 acquires the security software at the lower-most position of the stack of the inactivation list 112. In step 410, subroutine 209 checks whether or not a period of time has elapsed since the security software was moved to the inactivation list. If so, control is passed to step 414; otherwise, control is transferred to step 411.

In step 411, subroutine 209 initiates the security software (sets the software to the activated state). In step 412, subroutine 209 adds the result of execution of step 411 to the stack of security messages in order to transmit the execution result to other computers. In step 413, subroutine 209 stops the process of the security software, sets the software to the inactivated state, and then adds the software to the stack of the inactivation list 112. In step 414, the security software is unnecessary for the computer and is therefore deleted therefrom.

It is to be appreciated that the stacks of the activation and inactivation lists can simply be constructed as a queue structure of the first-in-first-out type.
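
The lifecycle of a software in the two lists, as described by steps 207 to 217 of Fig. 2, steps 310 and 311 of Fig. 3, and Fig. 4 above, is shown below as one added example; it is not code from the patent, and the type and field names are assumed. Each list is a plain slice used as the first-in-first-out queue the text allows, with index 0 as the lower-most position. Steps 207 and 208 are implemented literally (a received software is registered only when a software of the same name is already in one of the lists, replacing that older copy); the execution of a software is abstracted to a callback that returns its security notification data.

```go
package main

import (
	"fmt"
	"time"
)

// Entry is one pair (security software, digital signature) held in a list.
type Entry struct {
	Name       string    // e.g. "E1"
	Promotion  bool      // promotion type (copied on transmission) or non-promotion type
	Software   []byte    // the software together with its digital signature
	InactiveAt time.Time // when the entry was put into the inactivation list
}

// Module is the part of the fixed type security module that owns both lists.
// Index 0 of a list is the lower-most position (the next entry taken out);
// appending places an entry at the upper-most position.
type Module struct {
	Activation, Inactivation []Entry
	Messages                 []string           // stack of security messages to send (steps 405, 412)
	Expiry                   time.Duration      // inactivity period after which software is deleted (step 410)
	Exec                     func(Entry) string // runs a software; returns its security notification data
}

func (m *Module) find(name string) (*[]Entry, int) {
	for i, e := range m.Activation {
		if e.Name == name {
			return &m.Activation, i
		}
	}
	for i, e := range m.Inactivation {
		if e.Name == name {
			return &m.Inactivation, i
		}
	}
	return nil, -1
}

func remove(l *[]Entry, i int) Entry {
	e := (*l)[i]
	*l = append((*l)[:i], (*l)[i+1:]...)
	return e
}

func clone(e Entry) Entry {
	e.Software = append([]byte(nil), e.Software...)
	return e
}

// Receive is steps 207-208 taken literally: an already verified software is put
// at the upper-most position of the activation list only when a software of the
// same name is registered in either list; that older copy is dropped.
func (m *Module) Receive(e Entry) bool {
	l, i := m.find(e.Name)
	if l == nil {
		return false
	}
	remove(l, i)
	m.Activation = append(m.Activation, e)
	return true
}

// AttachForSend is steps 210-217: the software to add to an outgoing message, or nil.
func (m *Module) AttachForSend() *Entry {
	if len(m.Activation) > 0 {
		e := m.Activation[0]
		m.Activation[0] = clone(e) // step 212: a copy stays at the original position
		return &e
	}
	if len(m.Inactivation) == 0 {
		return nil
	}
	e := m.Inactivation[0]
	if e.Promotion {
		m.Inactivation[0] = clone(e) // step 216
	} else {
		remove(&m.Inactivation, 0) // a non-promotion type software leaves this computer
	}
	return &e
}

// Apply is steps 310-311 for an accepted security message naming target.
func (m *Module) Apply(action, target string) {
	l, i := m.find(target)
	if l == nil {
		return
	}
	e := remove(l, i)
	if action == "acceleration" {
		m.Activation = append([]Entry{e}, m.Activation...) // lower-most position: runs next
	} // "suppression": the entry stays deleted
}

// Tick is one pass of Fig. 4; suppress is condition of operation 1, accelerate condition 2.
func (m *Module) Tick(suppress, accelerate bool, now time.Time) {
	if !suppress && len(m.Activation) > 0 { // steps 402-406
		e := remove(&m.Activation, 0)
		m.Messages = append(m.Messages, m.Exec(e))
		e.InactiveAt = now
		m.Inactivation = append(m.Inactivation, e)
	}
	if accelerate && len(m.Inactivation) > 0 { // steps 408-414
		e := remove(&m.Inactivation, 0)
		if now.Sub(e.InactiveAt) >= m.Expiry {
			return // step 414: not executed within the period, so deleted
		}
		m.Messages = append(m.Messages, m.Exec(e))
		m.Inactivation = append(m.Inactivation, e)
	}
}

func main() {
	m := &Module{Expiry: time.Hour, Exec: func(e Entry) string { return "acceleration E2" }}
	m.Activation = []Entry{{Name: "E1", Promotion: true, Software: []byte("E1")}, {Name: "E3", Software: []byte("E3")}}
	m.Inactivation = []Entry{{Name: "E2", Promotion: true, Software: []byte("E2")}}
	fmt.Println("sent:", m.AttachForSend().Name)
	m.Apply("suppression", "E3")
	m.Tick(false, false, time.Now())
	fmt.Println("messages:", m.Messages, "inactive:", len(m.Inactivation))
}
```

Note that a software taken from the activation list always ends up in the inactivation list after one execution (step 406), so the activation list drains unless "acceleration" messages keep moving software back; with Expiry this bounds how long a software that nobody accelerates survives on a computer, which is the runaway limit the third object asks for.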

Next, description will be given of another embodiment of the present invention.

Figs. 5 and 7 show the configuration and a flowchart of another embodiment in accordance with the present invention. Fig. 5 shows the system configuration and Fig. 7 shows the processing procedure of the system. In this embodiment, when data is introduced from an external system, a computer in which a moving type security software is active is used as the entrance to the system of the embodiment, thereby conducting the prevention of epidemics in the overall system.

Description will first be given of the hardware configuration by referring to Fig. 5.

EP0893769A1

A numeral 501 indicates an internal network and a numeral 502 denotes an external network. Numerals 511 and 521 indicate computers (terminal devices) connected to the network 501. A computer 511 has a hard disk 512 and controls a file system 513. A computer 521 has a hard disk 522 and controls a file system 523. A numeral 505 indicates a computer (server) connected to the external network 502. A numeral 506 denotes a computer (firewall) which separates the external network 502 from the internal network 501.

Description will be given of the software configuration by referring to Fig. 5.

A numeral 540 indicates a server program which operates on the computer 505 and is, for example, a WWW server program. A numeral 541 indicates a client program which operates on the computer 511 and is, for example, a WWW client program. Each of the numerals 531 and 532 denotes a security dedicated software; such software is circulated through the computers in the network 501 or is resident at a particular node. In this case, for simplicity of explanation, it is assumed that the numeral 531 indicates a fixed type software (called a security clerk) on the computer 511 and the numeral 532 denotes a moving type software (called a security agent) active on the computer 521.

Referring now to Fig. 7, description will be given of the operations of the programs 531 and 532 when data is downloaded from the program 540 onto the program 541 and stored on the hard disk 512 as a file of the file system 513.

Next, description will be given of each step of Fig. 7.

(1) Pre-processing

In step 701, the client program 541 issues a request for a file transfer of data managed by the server program 540. In step 702, the server program 540 receives the request from the client 541. In step 703, the client program 541 issues to the security clerk 531 a request for "preparation for sterilization of data to be downloaded". In step 704, the security clerk 531 receives the request of step 703 and searches for a computer in which a security agent is activated. For example, the security clerk 531 broadcasts an enquiry to the security agent (or the security clerk) of each computer on the network 501. The security clerk 531 regards the computer from which an answer is first received as the computer in which the security agent is active. Alternatively, when a plurality of security agents are active, the security clerk 531 may make its judgement in accordance with the number of active security agents or the types thereof.

In step 705. the security derk 531 transmits. In 
accordance with the judgement in step 704. a request of 
step 703 to the program 532 operating on the conputer 
521 . In step 706. the security agent 532 having received 
the request of step 703 prepares for operation. This 
exanpie shows an operation to mount the file system 
523 as a partial tree structure onto the file system 513. 
Thereafter, the completion of preparation is notified to 
the security clerk 512. 

in step 707, fhB security derk 512 transrrntB to the 



program 541 such information items obtained In steps 
704 to 706 (as a mounting point of the remote file sys- 
tem 523 and a type, an operation procedure, and tiie 
Gke of the security agent 512). 

5 

(2) Main processing

In step 711, the program 541 conducts the download in accordance with a conventional file transfer protocol (e.g., FTP). However, the download destination is the remote file system 523 on which the security agent 532 is active. In step 712, in accordance with the information obtained in step 707, the program 541 requests the security agent 532 (again via the security clerk 531) to sterilize the file downloaded in step 711.

In step 713, the security agent 532 conducts the sterilizing operation. When any abnormality is detected, the downloaded data is deleted. Thereafter, the result of the operation is returned to the program 541. In step 714, the program 541 moves the sterilized download data from the file system 523 to the file system 513.

(3) Post-processing

In step 721, the program 541 requests the security agent 532 (via the security clerk 531) to unmount the file system 523. In step 722, the security agent 532 unmounts the file system 523. In step 723, the security agent 532 notifies completion of the post-processing (via the security clerk 531) to the program 541, which completes the processing.

In the embodiment above, for simplicity of explanation, the program 531 is a fixed type software and the program 532 is a moving type software. However, the operation above can be achieved regardless of whether each software is of the moving or the fixed type. It is an aspect of the embodiment that the program 531 and the program 532 can communicate with each other to cooperate in the operation. In the conventional virus inspection method, a computer (the computer 511 in this example) is infected with a virus when no effective security dedicated software exists on that computer. In this embodiment, however, since the presence of a security dedicated software is detected and there exists an entry program (the clerk) for mediation, the virus can be inspected for more efficiently.
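The three-phase flow above (discovery of an active agent, download into a mounted staging file system, sterilization, move to the real file system, unmount), as an added example in Python. This is not code from the patent: the client 541, clerk 531 and agent 532 are plain objects calling each other instead of exchanging network messages, the file system 523 is a temporary directory standing in for the remote mount, and the sterilization step is a constructed byte-pattern scan (the patterns are made up) standing in for whatever inspection the agent really performs. The point the code makes is the one the text makes: the download never touches file system 513 unless the agent returns it clean.

```python
"""Download sterilization through a staging file system (the Fig. 7 flow).

Added example, not code from the patent.  Parties are plain Python objects,
file system 523 is a temporary directory, and the scan is a constructed
byte-pattern match standing in for the agent's real inspection.
"""
import os
import shutil
import tempfile
from dataclasses import dataclass, field
from typing import Callable, List, Optional

# Constructed (hypothetical) signatures: a file containing any of them is "abnormal".
SUSPICIOUS_PATTERNS = [b"X-HYPOTHETICAL-MALWARE-MARKER", b"\xde\xad\xbe\xef\x00"]


@dataclass
class SecurityAgent:
    """Moving type software 532: owns the staging file system 523."""
    name: str
    active: bool = True
    staging_root: str = field(default_factory=tempfile.mkdtemp)   # stands for 523
    mounted: bool = False

    def prepare(self) -> str:
        """Step 706: expose 523 as a subtree and report its mount point."""
        self.mounted = True
        return self.staging_root

    def sterilize(self, filename: str) -> bool:
        """Step 713: scan the staged file; delete it when an abnormality is found."""
        path = os.path.join(self.staging_root, filename)
        with open(path, "rb") as fh:
            data = fh.read()
        if any(pattern in data for pattern in SUSPICIOUS_PATTERNS):
            os.remove(path)
            return False
        return True

    def unmount(self) -> None:
        """Step 722: withdraw the subtree."""
        self.mounted = False


@dataclass
class SecurityClerk:
    """Fixed type software 531: the entry point that finds an agent for the client."""
    agents: List[SecurityAgent]

    def find_active_agent(self) -> SecurityAgent:
        """Step 704: the broadcast is modelled as polling; the first responder wins."""
        for agent in self.agents:
            if agent.active:
                return agent
        raise RuntimeError("no active security agent on the network")


def download_sterilized(clerk: SecurityClerk, filename: str,
                        fetch: Callable[[], bytes], dest_root: str) -> Optional[str]:
    """Client program 541 running steps 703 to 723.  Returns the path of the
    clean file on file system 513, or None when the agent deleted the download."""
    agent = clerk.find_active_agent()            # 703-705: request routed to an agent
    mount_point = agent.prepare()                # 706-707: mount point comes back
    staged = os.path.join(mount_point, filename)
    with open(staged, "wb") as fh:               # 711: transfer lands on 523, not 513
        fh.write(fetch())
    try:
        if not agent.sterilize(filename):        # 712-713: abnormal data is gone
            return None
        final = os.path.join(dest_root, filename)
        shutil.move(staged, final)               # 714: only clean data reaches 513
        return final
    finally:
        agent.unmount()                          # 721-723: always unmount


def run_demo() -> dict:
    """One clean and one abnormal download through the same clerk and agent."""
    idle = SecurityAgent("agent-idle", active=False)
    agent = SecurityAgent("agent-on-521")
    clerk = SecurityClerk([idle, agent])
    dest = tempfile.mkdtemp()                    # stands for file system 513
    clean = download_sterilized(clerk, "report.txt", lambda: b"quarterly figures", dest)
    bad = download_sterilized(clerk, "tool.bin",
                              lambda: b"MZ" + SUSPICIOUS_PATTERNS[0] + b"...", dest)
    return {
        "clean_path": clean,
        "clean_contents": open(clean, "rb").read() if clean else None,
        "bad_result": bad,
        "bad_left_in_staging": os.path.exists(os.path.join(agent.staging_root, "tool.bin")),
        "bad_left_in_dest": os.path.exists(os.path.join(dest, "tool.bin")),
        "mounted_after": agent.mounted,
    }
```

The `finally` clause is the part worth copying: the post-processing (unmount) must run whether the agent accepted or deleted the file, otherwise a rejected download leaves the remote subtree mounted on the client.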

Figs. 6 and 8 show another embodiment of the utilization method of the present invention. Fig. 6 is a system configuration diagram and Fig. 8 is a processing procedure of the system. In this embodiment, a file associated with the occurrence of an injustice due to a virus of a new type is isolated from the distributed system to thereby prevent an epidemic in the overall system.

Referring to Fig. 6, description will be given of the hardware configuration.

A numeral 601 indicates an internal network. Numerals 602, 611, and 621 are computers connected to the network 601. The computer 611 has a hard disk 612. The computer 621 has a storage medium, for example, a hard disk 622. Moreover, the computer 621 also possesses a recording medium 623, for example, a magnetic tape, which can be separated from the hard disk 622. On the hard disk 612, there exists a file 613 suspected of infection with a virus. The computer 621 is a file server in the network 601.

Referring now to Fig. 6, description will be given of the software configuration.

A numeral 650 indicates a fixed type security dedicated software (called a virus buster in this case) which operates on the computer 621. A numeral 651 denotes a moving type security software (called a security agent) which circulates through the network 601. The security agent 651 has a table including the state obtained by the previous inspection of the computer 611 (the state includes, for example, the file system configuration, the contents of the hard disk, and the addresses of resident programs in memory). A numeral 653 denotes a fixed type security dedicated software (a security clerk) for mediation between the virus buster 650 and the security agent 651.

Referring to Fig. 8, description will be given of an operation in which the file 613 suspected of infection with a virus is provisionally isolated on the file server 621, to prevent infection with a computer virus of a new type, through cooperation of the security-related programs 651, 650, and 653.

Next, description will be given of each step.

(1) Pre-processing

In step 801, the security agent 651 arrives at the computer 611 and starts a search. In step 802, in accordance with a list 652 generated as a result of the previous circulation, the security agent 651 searches for a file 613 suspected of infection with a computer virus of a new type. As criteria for suspected files, there may be used, for example, a file newly generated after the previous circulation or a file updated since then.

In step 803, the security agent 651 issues to the security clerk 653 a request for a connection between the file server 621 and the computer 611 via the network 601. In step 804, the security agent 651 transfers the suspected file 613 to the file server 621. In this embodiment, it is preferable that the file server 621 be disconnected from the network whenever there is no request from the security agent 651 to the security clerk 653.

In step 805, the security agent 651 further notifies the virus buster 650, in advance, of the procedure for moving the file 613 transferred in step 804 back onto the hard disk 612. For example, the file may be moved back when the security agent 651 next circulates through the computer 611. Alternatively, a procedure may be determined in which the file 613 is moved back when no illness is detected after the lapse of a period of time determined by the system.

(2) Main processing

In step 811, the virus buster 650 monitors the computer 621 and the hard disk 622. When an injustice is detected, the buster 650 notifies the manager of the condition. In step 812, the virus buster 650 stores a file just transferred from a computer on the network separately from the files in which no illness has been detected for the predetermined period of time. For example, the buster 650 saves the file on a medium (the magnetic tape 623) which can be separated from the hard disk. In this embodiment, two stages are employed, associated with the lapse of time and the number of media. However, a multi-stage system may be implemented depending on the system configuration.

(3) Post-processing

In step 821, the security agent 651 issues, in accordance with the procedure determined in step 805, a request to transfer the file 613 currently stored on the medium 623 (no illness having been detected in the file 613) to the original computer 611. In step 822, the security clerk 653 issues an enquiry to the virus buster 650 about the transfer request of step 821. When the virus buster 650 acknowledges, the security clerk 653 again connects the computer 611 to the computer 621. Thereafter, in step 823, the security clerk 653 transfers the file 613 from the tape 623 of the computer 621 to the hard disk 612 of the computer 611.
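The circulation, isolation and release procedure above (steps 801 to 823), as an added example in Python that is not the patent's own code. Assumptions: the list 652 is a table mapping relative path to (size, SHA-256) taken on the previous visit; the separable medium 623 is a dictionary held by the virus buster; the connection the clerk 653 opens between 611 and 621 is a flag; time is an integer supplied by the caller so that the release rule (return the file after the hold period, and only if the buster never reported it) can be exercised without waiting; and the sample files are constructed. The example goes slightly beyond the text by also showing a flagged file that is never released.

```python
"""Circulating agent with a state table, plus an aging quarantine on the file
server (the Fig. 8 flow).  Added example, not code from the patent; see the
assumptions in the lead-in (table 652 = path -> (size, sha256), tape 623 = dict,
integer clock supplied by the caller)."""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

State = Dict[str, Tuple[int, str]]


def snapshot(root: str) -> State:
    """The table the agent carries: every regular file under root, with size and hash."""
    table: State = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            table[os.path.relpath(path, root)] = (os.path.getsize(path), digest)
    return table


def suspects(previous: State, current: State) -> List[str]:
    """Step 802 criteria: files created or changed since the previous circulation."""
    return sorted(p for p, v in current.items() if previous.get(p) != v)


@dataclass
class VirusBuster:
    """Fixed software 650 on file server 621."""
    hold_period: int
    medium: Dict[str, Tuple[int, bytes]] = field(default_factory=dict)  # tape 623
    flagged: set = field(default_factory=set)   # names reported to the manager (step 811)

    def receive(self, name: str, data: bytes, now: int) -> None:
        """Step 812: a fresh arrival goes to the separable medium with its arrival time."""
        self.medium[name] = (now, data)

    def acknowledges_release(self, name: str, now: int) -> bool:
        """Step 822: release only if never flagged and the hold period has elapsed."""
        return name not in self.flagged and now - self.medium[name][0] >= self.hold_period


@dataclass
class SecurityClerk:
    """Fixed software 653: the only path between 611 and the normally disconnected 621."""
    buster: VirusBuster
    connected: bool = False

    def isolate(self, name: str, data: bytes, now: int) -> None:
        """Steps 803-804: connect, hand the file over, disconnect again."""
        self.connected = True
        self.buster.receive(name, data, now)
        self.connected = False

    def request_return(self, name: str, now: int) -> Optional[bytes]:
        """Steps 821-823: hand the file back only when the buster acknowledges."""
        if not self.buster.acknowledges_release(name, now):
            return None
        self.connected = True
        data = self.buster.medium.pop(name)[1]
        self.connected = False
        return data


def circulate(root: str, table: State, clerk: SecurityClerk,
              now: int) -> Tuple[State, List[str], List[str]]:
    """One visit of agent 651 to computer 611: steps 801-805 for new suspects, then
    821-823 for files whose hold has expired.  Returns (new table, isolated, returned)."""
    isolated = suspects(table, snapshot(root))
    for rel in isolated:
        path = os.path.join(root, rel)
        with open(path, "rb") as fh:
            clerk.isolate(rel, fh.read(), now)
        os.remove(path)                          # the suspect leaves 611 entirely
    returned = []
    for name in list(clerk.buster.medium):
        data = clerk.request_return(name, now)
        if data is not None:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
            returned.append(name)
    return snapshot(root), isolated, returned


def run_demo() -> dict:
    """Constructed scenario: one file released after the hold, one flagged and kept."""
    root = tempfile.mkdtemp()                    # hard disk 612
    with open(os.path.join(root, "ledger.txt"), "wb") as fh:
        fh.write(b"known since the last visit")
    clerk = SecurityClerk(VirusBuster(hold_period=10))
    table = snapshot(root)                       # list 652 from the previous circulation
    with open(os.path.join(root, "new.exe"), "wb") as fh:   # appears before the next visit
        fh.write(b"unknown payload")
    table, iso1, _ = circulate(root, table, clerk, now=0)
    table, iso2, ret2 = circulate(root, table, clerk, now=5)
    table, iso3, ret3 = circulate(root, table, clerk, now=10)
    with open(os.path.join(root, "bad.exe"), "wb") as fh:
        fh.write(b"also unknown")
    table, iso4, _ = circulate(root, table, clerk, now=20)
    clerk.buster.flagged.add("bad.exe")          # step 811: the buster reports an injustice
    table, _, ret5 = circulate(root, table, clerk, now=40)
    return {"isolated": iso1, "second": (iso2, ret2), "third": (iso3, ret3),
            "fourth": iso4, "fifth_returned": ret5,
            "present": sorted(os.listdir(root)), "on_tape": list(clerk.buster.medium)}
```

The returned table is taken after files come back, so a released file is "known" on the next visit and is not isolated a second time; the table must be carried forward by the agent, exactly as the list 652 is in the text.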

Thanks to the configuration of the embodiments above, the problems of the prior art can be solved as follows.

(1) Even when a computer virus simultaneously invades the network system at a plurality of positions, the system can cope with the condition. That is, the security software 118 is added to the ordinary message 117 sent from personal computer A 101 to the WWW server 102, and the software is transmitted to all of the computers which access the WWW server 102, such as personal computer X 103 and personal computer Y 104. Furthermore, the security software 123 generated by the epidemic prevention center 106 is of the promotion type and increases in geometric progression as it propagates through the network 107. Consequently, it is possible to inspect the overall network 107 as quickly as possible and thereby remove any injustice. On the other hand, the security software 118 generated by Taro's personal computer 105 is of the non-promotion type, and hence it takes time for the software 118 to propagate through the entire network 107. However, this is suitable for working out a countermeasure locally through a relatively low-speed monitoring operation. Comparing the system to the human immune system, the network 107 stands for the blood circulatory system and the ordinary message 117 circulates through it as blood. The WWW server 102 corresponds to the heart circulating the blood. The security software units 118 and 123 stand for immune cells moving with the blood flow and propagating through the entire body, namely, personal computer X 103 and personal computer Y 104, to repel invading viruses. There are two kinds of immune cells: the security software 123, which is generated by the epidemic prevention center 106 and has relatively high reliability, is compared to a lymphocyte, which has the function of increasing in number through promotion; the security software 118 generated by Taro's personal computer 105 is compared to a macrophage, which serves a function complementary to the lymphocyte.

(2) The reliability of the security software can be retained. That is, if the security software 118 is falsified while it is moving through the network 107, the falsified software 118 will not continue its operation. This is because the digital signature 119 is checked for validity in the computer to which the software 118 is moved. Comparing the operation to that of the human body, when an immune cell (security software 118) becomes disordered, the immune system (fixed type security module 108) resident in the destination computer recognizes the condition and kills the cell. Additionally, the security message 120 is compared to an interleukin, which is a notification signal between immune systems. When the interleukin is changed in quality, the immune system (fixed type security module 108) recognizes the state and ignores the message (step 309).

(3) When the security software runs away, the runaway can be suppressed. Namely, the execution result 132 of the security software is registered to the WWW server 102. When the epidemic prevention center 106 checks the results 132 and assumes that a runaway has occurred, the center 106 registers a security message 125 including the character string "suppression" to the WWW server 102, thereby sending a signal to personal computer A to stop operation of the security software. Comparing this operation to that of the human body, the message including "suppression" stands for the interleukin secreted from a suppressor T cell. Similarly, the security message containing "acceleration" is compared to the interleukin secreted from a helper T cell.

As above, in accordance with the embodiment, the problems of the prior art can be solved; moreover, by keeping the executed security software in the inactivation list 112 for a predetermined period of time (step 411), it is possible, when a pertinent invasion occurs, to keep a state in which the countermeasure can be immediately worked out merely by receiving the security message with "acceleration". This corresponds to the function of the immune cell of the human body.

(4) A computer virus can be sterilized at the location where the security software exists. This can be regarded as the immune function of the human body. For example, this corresponds to the function of activating an immune cell having a particular function for each of the internal organs, such as the lung, the stomach, and the intestines, which are the entrances through which external viruses invade.

(5) The occurrence of a computer virus of a new type can be detected quickly. In relation to the human body, this corresponds to the function of an immune cell against viruses in a particular internal organ such as the liver.
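The mechanisms of (1) to (3) above, namely signature checking of an arriving agent, the promotion and non-promotion key classes, the activation and inactivation lists, and the "acceleration" and "suppression" messages, combined in one runnable model of the fixed type security module as an added example (not the patent's code). Assumptions: the digital signature is stood in for by HMAC-SHA256 under a per-issuer key held in the module's key list (a real deployment would hold public keys, the "open keys" of the claims, and verify public-key signatures); an agent's inspection code is represented by a label; time is an integer supplied by the caller; and the propagation policy, under which promotion-type agents are copied onto every outgoing message while non-promotion-type agents move away from the sender, is an assumption chosen to match the geometric versus slow propagation described in (1). The example goes beyond the text by also covering the propagation history and the load index of the claims.

```python
"""Fixed type security module: signature check with classified keys, activation
and inactivation lists, acceleration/suppression, propagation history, load index.
Added example, not the patent's code.  Signature = HMAC-SHA256 stand-in (assumption)."""
import hashlib
import hmac
from dataclasses import dataclass, field, replace
from typing import Dict, List, Optional, Tuple


@dataclass
class Agent:
    """Moving type security dedicated software carried inside a message."""
    name: str
    issuer: str                 # whose key signed it (entry in the module's key list)
    body: str                   # label standing in for the inspection code
    sig: bytes
    load: int = 1               # load index
    priority: int = 0           # execution priority, raised by "acceleration"
    visited: List[str] = field(default_factory=list)   # propagation history


def sign(key: bytes, *parts: str) -> bytes:
    """Signature stand-in (assumption): HMAC-SHA256 over the '|'-joined fields."""
    return hmac.new(key, "|".join(parts).encode(), hashlib.sha256).digest()


class FixedModule:
    """Fixed type security dedicated module resident on one computer."""

    def __init__(self, host: str, keys: Dict[str, Tuple[bytes, str]], hold: int):
        self.host, self.keys, self.hold = host, keys, hold   # keys: issuer -> (key, class)
        self.active: Dict[str, Agent] = {}                   # activation list
        self.inactive: Dict[str, Tuple[Agent, int]] = {}     # inactivation list, parked-at time

    def classify(self, agent: Agent) -> Optional[str]:
        """The class ("promotion"/"non-promotion") of the key confirming the signature,
        or None when no key confirms it (the software has been falsified)."""
        entry = self.keys.get(agent.issuer)
        if entry is None:
            return None
        key, cls = entry
        ok = hmac.compare_digest(sign(key, agent.name, agent.issuer, agent.body), agent.sig)
        return cls if ok else None

    def receive(self, agent: Agent) -> str:
        """Arrival with a message: verify, consult the history, then run (register active)."""
        cls = self.classify(agent)
        if cls is None:
            return "rejected"                 # falsified software does not continue
        if self.host in agent.visited:
            return "already-propagated"       # the software stops moving here
        agent.visited.append(self.host)
        self.active[agent.name] = agent
        return "executed:" + cls

    def attach(self, destination: str) -> List[Agent]:
        """Active agents ride along with an outgoing message.  Assumed policy: a
        promotion-type agent is copied and the sender keeps its copy; a
        non-promotion-type agent moves, so the sender deletes its copy."""
        out = []
        for name, agent in list(self.active.items()):
            if destination in agent.visited:
                continue
            out.append(replace(agent, visited=list(agent.visited)))
            if self.classify(agent) == "non-promotion":
                del self.active[name]
        return out

    def notify(self, issuer: str, signal: str, sig: bytes, now: int) -> str:
        """Security notification; a message whose signature fails is ignored."""
        entry = self.keys.get(issuer)
        if entry is None or not hmac.compare_digest(sign(entry[0], issuer, signal), sig):
            return "ignored"
        if signal == "acceleration":
            for name in list(self.inactive):
                self.active[name] = self.inactive.pop(name)[0]
            for agent in self.active.values():
                agent.priority += 1
        elif signal == "suppression":
            for name in list(self.active):
                self.inactive[name] = (self.active.pop(name), now)
        return signal

    def expire(self, now: int) -> List[str]:
        """Drop agents that sat on the inactivation list for the whole hold period."""
        gone = [n for n, (_, since) in self.inactive.items() if now - since >= self.hold]
        for n in gone:
            del self.inactive[n]
        return gone

    def next_to_run(self) -> Optional[Agent]:
        """The active agent with the lowest load, higher priority breaking ties."""
        if not self.active:
            return None
        return min(self.active.values(), key=lambda a: (a.load, -a.priority))
```

Two details matter in practice. The notification path verifies the message before acting on it, so a forged "acceleration" cannot wake parked agents; and the history check runs only after the signature check, so an attacker cannot use a tampered history field to make a genuine agent skip a host.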

INDUSTRIAL APPLICABILITY

In accordance with the present invention, there can be provided a method of and a device for managing a computer network capable of coping with simultaneous invasion of computer viruses at a plurality of positions of the computer network.

Moreover, in accordance with the present invention, there can be provided a method of and a device for managing a computer network capable of ensuring reliability of the security software.

Furthermore, in accordance with the present invention, there can be provided a method of and a device for managing a computer network capable of suppressing runaway of the security software.

Additionally, in accordance with the present invention, there can be provided a method of and a device for managing a computer network capable of improving safety for data from an external network.

Moreover, in accordance with the present invention, there can be provided a method of and a device for managing a computer network capable of immediately detecting occurrence of a computer virus of a new type.

Claims

1. A computer network managing method for use in a computer network in which a plurality of computers are connected to each other via transmission lines, wherein

when each of the computers sends a message to another computer selected from the computers, said each computer stores and holds therein data constituting a moving type security dedicated software, said data being added to the message for transmission thereof, and
when said each computer receives the message from said another computer, said each computer executes said moving type security dedicated software in accordance with said data constituting said moving type security dedicated software, said data being added to the message.

2. A computer network managing method in accordance with Claim 1, wherein when said each computer detects an injustice to the network, said each computer notifies, in response to the detection of the injustice, information of the detection via said transmission lines to other computers of the system.

3. A computer network managing method in accordance with Claim 1, wherein when said each computer sends a message to another computer selected from the computers, said each computer sends data forming a moving type security dedicated software, the data being added to the message, and

said each computer memorizes and keeps therein the data forming the moving type security dedicated software.

4. A computer network managing method in accordance with Claim 1, wherein when said each computer sends a message to another computer selected from the computers, said each computer sends data forming a moving type security dedicated software, the data being added to the message, and

said each computer deletes therefrom the data forming the moving type security dedicated software.



5. A computer network managing method in accordance with Claim 1, wherein said moving type security dedicated software includes a plurality of moving type security dedicated software units of different operation types, the software units detecting different kinds of injustices and conducting different processing.

6. A computer network managing method in accordance with Claim 5, wherein said each computer memorizes and keeps therein two kinds of list including an activation list and an inactivation list,

said each computer executes, when the activation list includes a moving type security dedicated software registered thereto, the moving type security dedicated software, and
said each computer deletes, when a moving type security dedicated software registered to the inactivation list is not operated for a predetermined period of time, the moving type security dedicated software from the inactivation list.

7. A computer network managing method in accordance with Claim 6, wherein

a moving type security dedicated software registered to the activation list is added, when said each computer sends a message therefrom, to the message for transmission thereof, and
said moving type security dedicated software is separated from the message when the message arrives at a destination computer of the message and said software is automatically executed by the destination computer.

8. A computer network managing method in accordance with Claim 6, wherein

said moving type security dedicated software outputs, as a result of execution thereof, security notification data indicating "acceleration" or "suppression",
said outputted data is transmitted to other computers of the system,
when said data is received by one of said other computers and indicates "acceleration", said moving type security dedicated software in said inactivation list is moved to said activation list and said moving type security dedicated software beforehand existing in said activation list is increased in an execution priority level, and
when said data is received by one of said other computers and indicates "suppression", said moving type security dedicated software in said activation list is moved to said inactivation list.


9. A computer network managing method in accordance with Claim 6, wherein

when said moving type security dedicated software outputs, as a result of execution thereof, security notification data indicating "suppression", the software moves itself to the inactivation list or rewrites itself for invalidation thereof.

10. A computer network managing method in accordance with Claim 1, wherein said message to be transmitted together with said moving type security dedicated software or said security notification data is an E-mail or database access data.

11. A computer network managing method in accordance with Claim 1, wherein said moving type security dedicated software includes a digital signature of its own and

said fixed type security dedicated module in a destination computer of the message conducts verification by said digital signature to determine that said moving type security dedicated software has not been falsified.



12. A computer network managing method in accordance with Claim 1, wherein said moving type security dedicated software includes a data area to keep therein a history of propagation and operation thereof,

when said data area indicates that said software has already propagated to the destination computer, said software stops the moving thereof.

13. A computer network managing method in accordance with Claim 5, wherein said moving type security dedicated software includes a data area to keep therein an index indicating a magnitude of load resulting from operation of the software and

one of said moving type security dedicated software units is selected from the activation list for execution thereof, said one software having the lowest load among the software units.

14. A computer network managing method in accordance with Claim 1, wherein said moving type security dedicated software encrypts itself when said software is outside said fixed type security dedicated module.

15. A computer network managing method in accordance with Claim 1, wherein said moving type security dedicated software includes a digital signature of its own and periodically conducts verification of the digital signature to determine whether or not said software has been falsified, and

said software rewrites, when it is determined that said software is falsified, itself for invalidation thereof.

16. A computer network managing method in accordance with Claim 1, wherein said moving type security dedicated software verifies another moving type security dedicated software existing in a fixed type security dedicated module of a destination computer of the message and a digital signature thereof, and

said moving type security dedicated software rewrites, when it is determined that said software in said module is falsified, said software in said module for invalidation thereof.

17. A computer network managing method in accordance with Claim 1, wherein said each computer keeps therein a list of a plurality of open keys, said keys being classified into two types of a promotion type and a non-promotion type,

when said digital signature added to the moving type security dedicated software can be confirmed by an open key classified into the promotion type, said each computer determines that the moving type security dedicated software is of the promotion type, and
when said digital signature added to the moving type security dedicated software can be confirmed by an open key classified into the non-promotion type, said each computer determines that the moving type security dedicated software is of the non-promotion type.

18. A computer network managing method in accordance with Claim 1, wherein said each computer is prevented from accessing internal data beyond a read range, a write range, and an execution range beforehand allocated for each user.

19. A computer network managing method in accordance with Claim 1, wherein when copying data from an external system onto a first one of said computers, said data is copied onto a second one of said computers, said second computer including a plurality of moving type security dedicated software units in an active state, and

said data in which no injustice is detected by said moving type security dedicated software is copied onto said first computer.

20. A computer network managing method in accordance with Claim 1, wherein one of said plural computers is set as a computer exclusively conducting countermeasures against injustices, and

data in which injustices are detected by said plural moving type security dedicated software units is forcibly moved to said countermeasure dedicated computer.

21. A computer network managing device for use in a computer network in which a plurality of computers are connected to each other via transmission lines,

wherein each of the computers includes

data forming a moving type security dedicated software, said data being added, when said each computer sends a message to another computer selected from the computers, to the message for transmission thereof, and
a fixed type security dedicated module for executing, when said each computer receives the message from said another computer, said moving type security dedicated software in accordance with said data forming said moving type security dedicated software, said data being added to the message.

22. A computer network managing device in accordance with Claim 21, wherein said fixed type security dedicated module includes

detecting means for detecting an injustice to the network, and
notifying means for notifying, in response to the detection of the injustice by said detecting means, information of the detection via said transmission lines to other computers of the system.

23. A computer network managing device in accordance with Claim 21, wherein when said each computer sends a message to another computer selected from the computers, said each computer sends data forming a moving type security dedicated software, the data being added to the message, and

said each computer memorizes and keeps therein the data forming the moving type security dedicated software.

24. A computer network managing device in accordance with Claim 21, wherein when said each computer sends a message to another computer selected from the computers, said each computer sends data forming a moving type security dedicated software, the data being added to the message, and

said each computer deletes therefrom the data forming the moving type security dedicated software.

25. A computer network managing device in accordance with Claim 21, wherein said moving type security dedicated software includes a plurality of moving type security dedicated software units of different operation types, the software units detecting different kinds of injustices and conducting different processing.

26. A computer network managing device in accordance with Claim 25, wherein said fixed type security dedicated module memorizes and keeps therein two kinds of list including an activation list and an inactivation list,

said module executes, when the activation list includes a moving type security dedicated software registered thereto, the moving type security dedicated software, and
said module deletes, when a moving type security dedicated software registered to the inactivation list is not operated for a predetermined period of time, the moving type security dedicated software from the inactivation list.

27. A computer network managing device in accordance with Claim 26, wherein

a moving type security dedicated software registered to the activation list is added, when said each computer sends a message therefrom, to the message for transmission thereof, and
said moving type security dedicated software is separated from the message when the message arrives at a destination computer of the message and a function of said software is automatically executed by said fixed type security dedicated module of the destination computer.

28. A computer network managing device in accordance with Claim 26, wherein

said moving type security dedicated software outputs, as a result of execution thereof, security notification data indicating "acceleration" or "suppression",
said outputted data is transmitted via said fixed type security dedicated module to other said fixed type security dedicated modules of the system,
when said data is received by one of said other fixed type security dedicated modules and indicates "acceleration", said moving type security dedicated software in said inactivation list is moved to said activation list and said moving type security dedicated software beforehand existing in said activation list is increased in an execution priority level, and
when said data is received by one of said other computers and indicates "suppression", said moving type security dedicated software in said activation list is moved to said inactivation list.

29. A computer network managing device in accordance with Claim 26, wherein

when said moving type security dedicated software outputs, as a result of execution thereof, security notification data indicating "suppression", said software moves itself to the inactivation list or rewrites itself for invalidation thereof.



30. A computer network managing device in accordance with Claim 26, wherein said message to be transmitted together with said moving type security dedicated software or said security notification data is an E-mail or database access data.

31. A computer network managing device in accordance with Claim 21, wherein said moving type security dedicated software includes a digital signature of its own and

said fixed type security dedicated module in a destination computer of the message conducts verification by said digital signature to determine that said moving type security dedicated software has not been falsified.

32. A computer network managing device in accordance with Claim 21, wherein said moving type security dedicated software includes a data area to keep therein a history of propagation and operation thereof,

when said data area indicates that said software has already propagated to the destination computer, said software stops the moving thereof.

33. A computer network managing device in accordance with Claim 21, wherein said moving type security dedicated software includes a data area to keep therein an index indicating a magnitude of load resulting from operation of the software and

one of said moving type security dedicated software units is selected from the activation list for execution thereof, said one software having the lowest load among the software units.

34. A computer network managing device in accordance with Claim 21, wherein said moving type security dedicated software encrypts itself when said software is outside said fixed type security dedicated module.

35. A computer network managing device in accordance with Claim 21, wherein said moving type security dedicated software includes a digital signature of its own and periodically conducts verification of the digital signature to determine whether or not said software has been falsified, and

said software rewrites, when it is determined that said software is falsified, itself for invalidation thereof.

36. A computer network managing device in accordance with Claim 21, wherein said moving type security dedicated software verifies another moving type security dedicated software existing in a fixed type security dedicated module of a destination computer of the message and a digital signature thereof, and

said moving type security dedicated software rewrites, when it is determined that said software in said module is falsified, said software in said module for invalidation thereof.



37. A computer network managing device in accordance with Claim 21, wherein said fixed type security module keeps therein a list of a plurality of open keys, said keys being classified into two types of a promotion type and a non-promotion type,

when said digital signature added to the moving type security dedicated software can be confirmed by an open key classified into the promotion type, said each computer determines that the moving type security dedicated software is of the promotion type, and
when said digital signature added to the moving type security dedicated software can be confirmed by an open key classified into the non-promotion type, said each computer determines that the moving type security dedicated software is of the non-promotion type.

38. A computer network managing device in accordance with Claim 21, wherein said fixed type security module is prevented from accessing internal data beyond a read range, a write range, and an execution range beforehand allocated for each user.

39. A computer network managing device in accordance with Claim 21, wherein when copying data from an external system onto a first one of said computers, said data is copied onto a second one of said computers, said second computer including a plurality of moving type security dedicated software units in an active state, and

said data in which no injustice is detected by said moving type security dedicated software is copied onto said first computer.

40. A computer network managing device in accordance with Claim 21, wherein one of said plural computers is set as a computer exclusively conducting countermeasures against injustices, and

data in which injustices are detected by said plural moving type security dedicated software units is forcibly moved to said countermeasure dedicated computer.